<?php

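// Page controller for the admin "Users" screen: reads the requested action
// from the query string, dispatches it to the users class for administrators,
// and renders the result through the shared template.
include_once 'include.php';
$template = new template("Users");
$users = new users();
$menu = menu();

// The session id ends up inside an SQL string, so it is forced to an integer
// before being concatenated. A missing id becomes 0.
// NOTE(review): assumes no account uses id 0 — confirm against the schema.
$sessionId = isset($_SESSION['id']) ? (int) $_SESSION['id'] : 0;
$use = $db->get_row("Select * from Users where id='".$sessionId."'");

// Request parameters. "id" is only ever used as a numeric key, so anything
// that is not a scalar, or does not start with digits, collapses to 0.
$page = isset($_GET["page"]) ? $_GET["page"] : "list";
$id = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (int) $_GET["id"] : 0;
// NOTE(review): $message is caller-controlled text taken from the URL; it has
// to be HTML-escaped at the point where it is written into markup.
$message = (isset($_GET["message"]) && is_string($_GET["message"])) ? $_GET["message"] : null;

if(isAdminLoggedIn())
{
    // NOTE(review): "delete" changes data on a plain GET, and no request handled
    // here carries an anti-CSRF token in the code visible in this file. Confirm
    // whether include.php enforces one; otherwise move the state-changing
    // actions to POST with a per-session token.
    switch ($page) {
        case "list":
            $template->addContent($users->listUsers($message));
            break;

        case "edit":
            $template->addContent($users->editUser($id));
            break;

        case "update":
            $users->updateUser();
            break;

        case "delete":
            $users->deleteUser($id);
            break;

        case "addUser":
            $template->addContent($users->addUser());
            break;

        case "added":
            $users->added();
            break;

        default:
            // Unknown actions render an empty content area.
            break;
    }
}
else
{
    $template->addContent("You are not authorized to view this page. Please <a href = 'login.html'> Log In </a> as Admin to view page");
}

$template->showMenu($menu);
$template->showLogin("Welcome");

// $use is empty when nobody is logged in, so guard the property read, and
// escape the stored name because it is placed into HTML next to a raw link.
$displayName = $use ? htmlspecialchars((string) $use->name, ENT_QUOTES, 'UTF-8') : '';
$template->showUser($displayName.' | <a href="logout.php" class="logout">Logout</a>');
$template->genPage();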
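/**
 * Admin-side CRUD screens and handlers for the Users table.
 *
 * The render methods return HTML fragments; the handler methods read $_POST,
 * write through the global $db wrapper and set a Location header. None of the
 * methods checks authorization itself, so callers must do that first.
 *
 * NOTE(review): passwords are stored as unsalted MD5. That is not a password
 * hash; moving to password_hash()/password_verify() has to happen together
 * with the login code, which is not visible here.
 */
class users
{
    /**
     * Escape a value for use in HTML text or inside a quoted attribute.
     *
     * @param mixed $value Value to print.
     * @return string Escaped text (both quote styles are encoded).
     */
    private function esc($value)
    {
        // NOTE(review): assumes the page and the stored data are UTF-8 — confirm.
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Turn a value into a quoted SQL string literal.
     *
     * @param mixed $value Raw value.
     * @return string The value escaped and wrapped in single quotes.
     */
    private function sqlString($value)
    {
        global $db;
        $value = (string) $value;
        // The DB wrapper is defined outside this file. Use its own escaper when
        // it has one; addslashes() is only a stopgap and is not safe for every
        // connection charset. Prefer prepared statements if the wrapper has them.
        if (is_object($db) && method_exists($db, 'escape')) {
            return "'".$db->escape($value)."'";
        }
        return "'".addslashes($value)."'";
    }

    /**
     * Read one POST field as a string.
     *
     * @param string $key Field name.
     * @return string Field value, or '' when it is missing or not a scalar.
     */
    private function postField($key)
    {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
    }

    /**
     * Render the user list with edit/delete links.
     *
     * @param string|null $message Optional status text shown above the table;
     *                             it originates from the URL and is escaped here.
     * @return string HTML fragment.
     */
    function listUsers($message)
    {
        global $db;
        $page = "<h2> Users </h2>";
        // NOTE(review): the table is spelled "users" here and "Users" in every
        // other query; on a case-sensitive MySQL setup only one resolves — confirm.
        $users = $db->get_results("SELECT * FROM users");
        if($message != null)
        {
            $page .= "<div class='valid_box'> ".$this->esc($message)."</div>";
        }
        $page .= "<div> <input type = 'button' Value ='Add User' onClick=\"top.location.href='users.php?page=addUser'\"></div>";
        $page .= "<table id='rounded-corner'>";
        if($users != null)
        {
            $page .= "<th class = 'rounded' > Username </th>";
            $page .= "<th class = 'rounded' > Name </th>";
            $page .= "<th class = 'rounded' > Surname </th>";
            $page .= "<th class = 'rounded' > Admin </th>";
            $page .= "<th class = 'rounded' > Edit </th>";
            $page .= "<th class = 'rounded' > Delete </th>";

            foreach ( $users as $user )
            {
                // The id is placed inside a URL within an attribute; as an
                // integer it cannot break out of either.
                $rowId = (int) $user->id;

                $page .= "<tr>";
                // Stored profile fields are escaped on output so saved markup
                // cannot run in the administrator's browser.
                $page .= "<td>".$this->esc($user->username)."</td>";
                $page .= "<td>".$this->esc($user->name)."</td>";
                $page .= "<td>".$this->esc($user->surname)."</td>";
                // getAdminName() is defined elsewhere; its result is printed as
                // returned. NOTE(review): confirm it returns a fixed label.
                $page .= "<td>".getAdminName($user->admin)."</td>";
                $page .= "<td>";
                $page .= "<img src = 'images/user_edit.png' onclick=\"top.location.href='users.php?page=edit&id=".$rowId."'\"/>";
                $page .= "</td>";
                $page .= "<td>";
                // The original emitted </td> twice for this cell; emit it once.
                $page .= '<a href="users.php?page=delete&id='.$rowId.'" class="ask"><img src="images/trash.png" alt="" title="" border="0"></a>';
                $page .= "</td>";
                $page .= "</tr>";
            }
        }

        $page .= "</table>";

        return $page;
    }

    /**
     * Render the edit form for one user.
     *
     * @param int|string $id User id; coerced to an integer before use in SQL.
     * @return string HTML fragment, or a short notice when the id matches no row.
     */
    function editUser($id)
    {
        global $db;
        $id = (int) $id;

        $user = $db->get_row('Select * from Users where id ='.$id);
        if($user == null)
        {
            return "<div> User not found </div>";
        }

        // The password input is left empty: the stored hash is never written
        // into the page, and updateUser() treats an empty field as "unchanged".
        $page = "<div class='form'>
         <form action='users.php?page=update' method='post' class='niceform'>
         
                <fieldset>
                <input type ='hidden' value = '".$id."' name='id'/>
                    <dl>
                        <dt><label for='username'>Username:</label></dt>
                        <dd><input type='text' name='username' id='' size='54' value= '".$this->esc($user->username)."' /></dd>
                    </dl>
                    <dl>
                        <dt><label for='password'>Password:</label></dt>
                        <dd><input type='password' name='password' id='' size='54' value= ''/></dd>
                    </dl>
                    
                    <dl>
                        <dt><label for='name'>Name:</label></dt>
                        <dd><input type='text' name='name' id='' size='54' value= '".$this->esc($user->name)."' /></dd>
                    </dl>
                    <dl>
                        <dt><label for='surname'>Surname:</label></dt>
                        <dd><input type='text' name='surname' id='' size='54' value= '".$this->esc($user->surname)."'/></dd>
                    </dl>
        
                  <dl><dt><label for='interests'>Admin:</label></dt><dd>";
        if($user->admin == 1)
        {
            $page .= "<input type='checkbox' name='admin' id='' value='Admin' checked='checked' />";
        }
        else
        {
            $page .= "<input type='checkbox' name='admin' id='' value='Admin' />";
        }

        $page .= "</dd></dl>";

        $page .= "<dl class='submit'>
                    <input type='submit' name='submit' id='submit' value='Update' />
                     </dl>
                    
                </fieldset>
                
         </form>
         </div>  ";
        return $page;
    }

    /**
     * Apply the posted edit form to an existing user and redirect to the list.
     *
     * Reads id, username, password, name, surname and admin from $_POST.
     *
     * @return void
     */
    function updateUser()
    {
        global $db;
        $id = (int) $this->postField('id');
        $username = $this->postField('username');
        $password = $this->postField('password');
        $name = $this->postField('name');
        $surname = $this->postField('surname');

        $user = $db->get_row("Select * from Users where id = ".$id);
        if($user == null)
        {
            header("Location:users.php?page=list&message=User not found");
            return;
        }

        // Empty means "keep the current password". A value identical to the
        // stored hash is also kept, for forms rendered before the field was
        // blanked. The comparison is strict: with a loose comparison two
        // different "0e…" digests compare equal as numbers.
        $stored = (string) $user->password;
        if($password === '' || $password === $stored)
        {
            $password = $stored;
        }
        else
        {
            $password = md5($password);
        }

        $admin = isset($_POST["admin"]) ? 1 : 0;

        // String values go through sqlString(); $admin and $id are integers.
        $query = "UPDATE Users SET username = ".$this->sqlString($username)
            .", password = ".$this->sqlString($password)
            .", name =".$this->sqlString($name)
            .", surname =".$this->sqlString($surname)
            .", admin = ".$admin." WHERE id =".$id;
        $db->query($query);
        header("Location:users.php?page=list&message=User updated");
    }

    /**
     * Insert a new user from the posted "add" form and redirect to the list.
     *
     * Reads usernameNew, passwordNew, name, surname and admin from $_POST.
     *
     * @return void
     */
    function added()
    {
        global $db;
        $username = $this->postField('usernameNew');
        $password = md5($this->postField('passwordNew'));
        $name = $this->postField('name');
        $surname = $this->postField('surname');
        $admin = isset($_POST["admin"]) ? 1 : 0;

        // String values go through sqlString(); $admin is 0 or 1.
        $query = "INSERT INTO Users (username,password,name,surname,admin) VALUES ("
            .$this->sqlString($username).", "
            .$this->sqlString($password).", "
            .$this->sqlString($name).", "
            .$this->sqlString($surname).", "
            .$admin.")";
        $db->query($query);
        header("Location:users.php?page=list&message=User added");
    }

    /**
     * Delete one user and redirect to the list.
     *
     * @param int|string $id User id; coerced to an integer before use in SQL.
     * @return void
     */
    function deleteUser($id)
    {
        global $db;

        // NOTE(review): this is reached from a GET link; see that the caller
        // verifies the request is intentional (POST plus anti-CSRF token).
        $db->query("DELETE FROM Users WHERE id = ".(int) $id);
        header("Location:users.php?page=list&message=User deleted");
    }

    /**
     * Render the empty "add user" form, which posts to users.php?page=added.
     *
     * @return string HTML fragment.
     */
    function addUser()
    {
        $page = "";
        $page .= "<div class='form'>
         <form action='users.php?page=added' method='post' class='niceform'>
         
                <fieldset>
               
                    <dl>
                        <dt><label for='usernameNew'>Username:</label></dt>
                        <dd><input type='text' name='usernameNew' id='userNew' size='54' value= '' /></dd>
                    </dl>
                    <dl>
                        <dt><label for='passwordNew'>Password:</label></dt>
                        <dd><input type='password' name='passwordNew' id='passNew' size='54' value= ''/></dd>
                    </dl>
                    
                    <dl>
                        <dt><label for='name'>Name:</label></dt>
                        <dd><input type='text' name='name' id='' size='54' value= '' /></dd>
                    </dl>
                    <dl>
                        <dt><label for='surname'>Surname:</label></dt>
                        <dd><input type='text' name='surname' id='' size='54' value= ''/></dd>
                    </dl>
                    
<dl>
<dt><label for='interests'>Admin:</label></dt>
                   <dd> <input type='checkbox' name='admin' id='' value='Admin' />
                            </dd>
                            </dl>
                        <dl class='submit'>
                    <input type='submit' name='submit' id='submit' value='Add' />
                     </dl>
                    
                </fieldset>
                
         </form>
         </div>  ";
        return $page;
    }
}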
?>
